OpenVPN works fine over TCP port 443 but fails to connect over UDP port 53. I've checked firewalls. Initial handshake works fine but then client hangs in WAIT state. VPN server is Ubuntu and client is Windows.

Update: just tried to connect from different network and everything worked fine. What may be broken in my network?

One possible case is MTU of your link being smaller than the size of packets OpenVPN exchanges, and PMTU-D is broken for at least one hop in your network link. See e.g. this and this and this in general. Note that your server or client might be misconfigured to ignore ICMP "can't fragment" messages which break PMTU-D (see this for more info).
–
kostixMay 21 '14 at 13:16

IOW, while the first two links explain possible workarounds, it's usually better to make sure both ends of your link are able to detect the MSS by themselves, and use it, and for that to work, you need to have working PMTU-D on both ends and all the hops between them.
–
kostixMay 21 '14 at 13:18

Also note that forcibly setting MTU too low might bite your Windows client if it joins a domain and hence uses Kerberos for authentication: Kerberos by default uses UDP (port 88, IIRC), and its ticket request/response datagrams might be quire large -- almost hitting the 1500 limit of Ethernet frames. And if you'll artifically lower the OpenVPN's link below something like 1.4k, you will experience Kerberos failing strangely, and authentication problems. On the other hand, Windows might be condigured to use TCP for Kerberos exchanges.
–
kostixMay 21 '14 at 13:21